Stack-Based Buffer Overflow in Tenda i21
CVE-2024-4246

8.8HIGH

Key Information:

Vendor
Tenda
Status
I21
Vendor
CVE Published:
27 April 2024

Summary

A serious stack-based buffer overflow vulnerability is present in the Tenda i21 device, specifically affecting version 1.0.0.14. The vulnerability arises in the function formQosManageDouble_auto due to improper handling of the ssidIndex argument. This weakness allows an attacker to exploit the device remotely, potentially leading to unauthorized access and execution of arbitrary code. Despite proactive outreach, the vendor has not responded to notifications regarding this security concern. It is imperative for users of the affected product to apply mitigative measures to safeguard their devices.

Affected Version(s)

i21 1.0.0.14(4656)

References

https://vuldb.com/?id.262137
vdb-entrytechnical-description
https://vuldb.com/?ctiid.262137
signaturepermissions-required
https://vuldb.com/?submit.319831
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yhryhryhr_miemie (VulDB User)
.